Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Tamper Protection Settings when App Control and EDR are Installed

EDR: Tamper Protection Settings when App Control and EDR are Installed

Environment

  • EDR Sensor: All Supported Versions
  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

How to properly enable Tamper Protect when the EDR Sensor and App Control Agent are both installed on the same endpoint.

Resolution

  1. Log in to the App Control Console and navigate to Rules > Software Rules > Rapid Configs.
  2. Verify the Rapid Config, "Carbon Black EDR Tamper Protection" has been Disabled.
  3. Configure Tamper Protection for each product separately:
    1. App Control: How to Disable/Enable Tamper Protection
    2. EDR: How to Enable Tamper Detection or Tamper Protection

Additional Notes

  • Enabling the Rapid Config in App Control when Tamper Protection is already enabled in EDR is not recommended, and does not provide extra protection.
  • The App Control Rapid Config is designed to be used only when EDR Tamper Protection cannot be.
  • Any Windows sensor in a Sensor Group that has Tamper Protection applied but does not meet the minimum OS requirements will default to Tamper Detection.
  • Requirements for EDR Windows Tamper Protection:
    • Minimum OS Versions of Windows 10 v1703 (Desktop) or Windows Server v1709 (Windows build 15163)
    • Minimum Carbon Black EDR versions of v7.2.0 Windows EDR sensor and
    • v7.4.0 Carbon Black EDR Server

Related Content


Labels (2)
Tags (3)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎05-26-2022
Views:
661
Contributors